PyPI - maquinaweb-shared-auth - Versions diffs - 0.2.60__py3-none-any.whl - Mend

maquinaweb-shared-auth 0.2.60__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

maquinaweb_shared_auth-0.2.60.dist-info/METADATA +1003 -0
maquinaweb_shared_auth-0.2.60.dist-info/RECORD +28 -0
maquinaweb_shared_auth-0.2.60.dist-info/WHEEL +5 -0
maquinaweb_shared_auth-0.2.60.dist-info/top_level.txt +1 -0
shared_auth/__init__.py +7 -0
shared_auth/abstract_models.py +897 -0
shared_auth/app.py +9 -0
shared_auth/authentication.py +55 -0
shared_auth/conf.py +33 -0
shared_auth/decorators.py +122 -0
shared_auth/exceptions.py +23 -0
shared_auth/fields.py +51 -0
shared_auth/management/__init__.py +0 -0
shared_auth/management/commands/__init__.py +0 -0
shared_auth/management/commands/generate_permissions.py +147 -0
shared_auth/managers.py +344 -0
shared_auth/middleware.py +281 -0
shared_auth/mixins.py +475 -0
shared_auth/models.py +191 -0
shared_auth/permissions.py +266 -0
shared_auth/permissions_cache.py +249 -0
shared_auth/permissions_helpers.py +251 -0
shared_auth/router.py +22 -0
shared_auth/serializers.py +439 -0
shared_auth/storage_backend.py +6 -0
shared_auth/urls.py +8 -0
shared_auth/utils.py +356 -0
shared_auth/views.py +40 -0

shared_auth/app.py ADDED Viewed

@@ -0,0 +1,9 @@
+from django.apps import AppConfig
+class SharedAuthConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "shared_auth"
+    def ready(self):
+        from . import models, exceptions # noqa

shared_auth/authentication.py ADDED Viewed

@@ -0,0 +1,55 @@
+"""
+Backend de autenticação usando tokens do banco compartilhado
+"""
+from django.utils.translation import gettext_lazy as _
+from rest_framework import exceptions
+from rest_framework.authentication import TokenAuthentication
+from .utils import get_token_model, get_user_model
+class SharedTokenAuthentication(TokenAuthentication):
+    """
+    Autentica usando tokens do banco de dados compartilhado
+    Usa get_token_model() e get_user_model() para suportar models customizados.
+    Usage em settings.py:
+        REST_FRAMEWORK = {
+            'DEFAULT_AUTHENTICATION_CLASSES': [
+                'shared_auth.authentication.SharedTokenAuthentication',
+            ]
+        }
+    """
+    @property
+    def model(self):
+        """Retorna o model de Token configurado"""
+        return get_token_model()
+    def authenticate_credentials(self, key):
+        """
+        Valida o token no banco de dados compartilhado
+        """
+        Token = get_token_model()
+        User = get_user_model()
+        try:
+            token = Token.objects.get(key=key)
+        except Token.DoesNotExist:
+            raise exceptions.AuthenticationFailed(_("Token inválido."))
+        # Buscar usuário completo
+        try:
+            user = User.objects.get(pk=token.user_id)
+        except User.DoesNotExist:
+            raise exceptions.AuthenticationFailed(_("Usuário não encontrado."))
+        if not user.is_active:
+            raise exceptions.AuthenticationFailed(_("Usuário inativo ou deletado."))
+        if user.deleted_at is not None:
+            raise exceptions.AuthenticationFailed(_("Usuário deletado."))
+        return (user, token)

shared_auth/conf.py ADDED Viewed

@@ -0,0 +1,33 @@
+from django.conf import settings
+def get_setting(name, default):
+    """Retorna valor configurado no settings ou o padrão"""
+    return getattr(settings, name, default)
+# Auth tables
+ORGANIZATION_TABLE = get_setting("SHARED_AUTH_ORGANIZATION_TABLE", "organization_organization")
+ORGANIZATION_GROUP_TABLE = get_setting("SHARED_AUTH_ORGANIZATION_GROUP_TABLE", "organization_organizationgroup")
+USER_TABLE = get_setting("SHARED_AUTH_USER_TABLE", "auth_user")
+MEMBER_TABLE = get_setting("SHARED_AUTH_MEMBER_TABLE", "organization_member")
+TOKEN_TABLE = get_setting("SHARED_AUTH_TOKEN_TABLE", "organization_multitoken")
+# Permission system tables
+SYSTEM_TABLE = get_setting("SHARED_AUTH_SYSTEM_TABLE", "plans_system")
+PERMISSION_TABLE = get_setting("SHARED_AUTH_PERMISSION_TABLE", "organization_permissions")
+PLAN_TABLE = get_setting("SHARED_AUTH_PLAN_TABLE", "plans_plan")
+SUBSCRIPTION_TABLE = get_setting("SHARED_AUTH_SUBSCRIPTION_TABLE", "plans_subscription")
+GROUP_PERMISSIONS_TABLE = get_setting("SHARED_AUTH_GROUP_PERMISSIONS_TABLE", "organization_grouppermissions")
+GROUP_ORG_PERMISSIONS_TABLE = get_setting("SHARED_AUTH_GROUP_ORG_PERMISSIONS_TABLE", "organization_grouporganizationpermissions")
+MEMBER_SYSTEM_GROUP_TABLE = get_setting("SHARED_AUTH_MEMBER_SYSTEM_GROUP_TABLE", "organization_membersystemgroup")
+# и т.д.
+# ManyToMany tables
+PLAN_GROUP_PERMISSIONS_TABLE = get_setting("SHARED_AUTH_PLAN_GROUP_PERMISSIONS_TABLE", "plans_plan_group_permissions")
+GROUP_PERMISSIONS_PERMISSIONS_TABLE = get_setting("SHARED_AUTH_GROUP_PERMISSIONS_PERMISSIONS_TABLE", "organization_grouppermissions_permissions")
+GROUP_ORG_PERMISSIONS_PERMISSIONS_TABLE = get_setting("SHARED_AUTH_GROUP_ORG_PERMISSIONS_PERMISSIONS_TABLE", "organization_grouporganizationpermissions_permissions")
+# Other settings
+CLOUDFRONT_DOMAIN = get_setting("CLOUDFRONT_DOMAIN", "")
+CUSTOM_DOMAIN_AUTH = get_setting("CUSTOM_DOMAIN_AUTH", CLOUDFRONT_DOMAIN)
+SYSTEM_ID = get_setting("SYSTEM_ID", None)

shared_auth/decorators.py ADDED Viewed

@@ -0,0 +1,122 @@
+"""
+Decorators para views funcionais
+"""
+from functools import wraps
+from django.http import JsonResponse
+from .utils import get_organization_model, get_token_model, get_user_model
+def require_auth(view_func):
+    """
+    Decorator que requer autenticação
+    Usage:
+        @require_auth
+        def my_view(request):
+            return JsonResponse({'user': request.user.email})
+    """
+    @wraps(view_func)
+    def wrapped_view(request, *args, **kwargs):
+        # Extrair token
+        token = _get_token_from_request(request)
+        if not token:
+            return JsonResponse({"error": "Token não fornecido"}, status=401)
+        # Validar token
+        Token = get_token_model()
+        User = get_user_model()
+        try:
+            token_obj = Token.objects.get(key=token)
+            user = User.objects.get(pk=token_obj.user_id)
+            if not user.is_active or user.deleted_at is not None:
+                return JsonResponse({"error": "Usuário inativo"}, status=401)
+            request.user = user
+            request.auth = token_obj
+        except (Token.DoesNotExist, User.DoesNotExist):
+            return JsonResponse({"error": "Token inválido"}, status=401)
+        return view_func(request, *args, **kwargs)
+    return wrapped_view
+def require_organization(view_func):
+    """
+    Decorator que requer organização ativa
+    """
+    @wraps(view_func)
+    @require_auth
+    def wrapped_view(request, *args, **kwargs):
+        if not hasattr(request, "organization_id") or not request.organization_id:
+            return JsonResponse({"error": "Organização não definida"}, status=403)
+        # Buscar organização
+        Organization = get_organization_model()
+        try:
+            org = Organization.objects.get(pk=request.organization_id)
+            if not org.is_active():
+                return JsonResponse({"error": "Organização inativa"}, status=403)
+            request.organization = org
+        except Organization.DoesNotExist:
+            return JsonResponse({"error": "Organização não encontrada"}, status=404)
+        return view_func(request, *args, **kwargs)
+    return wrapped_view
+def require_same_organization(view_func):
+    """
+    Decorator que verifica se objeto pertence à mesma organização
+    O objeto deve estar em kwargs['pk'] ou kwargs['id']
+    """
+    @wraps(view_func)
+    @require_organization
+    def wrapped_view(request, *args, **kwargs):
+        obj_id = kwargs.get("pk") or kwargs.get("id")
+        if not obj_id:
+            return view_func(request, *args, **kwargs)
+        # Aqui você precisa buscar o objeto e verificar
+        # Exemplo genérico - adapte conforme seu model
+        # Tentar identificar o model pelo path
+        # Esta é uma implementação básica
+        # Em produção, você pode passar o model como parâmetro
+        return view_func(request, *args, **kwargs)
+    return wrapped_view
+def _get_token_from_request(request):
+    """Helper para extrair token"""
+    auth_header = request.META.get("HTTP_AUTHORIZATION", "")
+    if auth_header.startswith("Token "):
+        return auth_header.split(" ")[1]
+    token = request.META.get("HTTP_X_AUTH_TOKEN")
+    if token:
+        return token
+    token = request.COOKIES.get("auth_token")
+    if token:
+        return token
+    return None

shared_auth/exceptions.py ADDED Viewed

@@ -0,0 +1,23 @@
+from rest_framework.exceptions import APIException
+"""
+Exceções customizadas
+"""
+class SharedAuthError(APIException):
+    """Erro base da biblioteca"""
+    pass
+class OrganizationNotFoundError(SharedAuthError):
+    status_code = 404
+    default_detail = 'Organização não encontrada.'
+    default_code = 'organization_not_found'
+class UserNotFoundError(SharedAuthError):
+    status_code = 404
+    default_detail = 'Usuário não encontrado.'
+    default_code = 'user_not_found'
+class DatabaseConnectionError(SharedAuthError):
+    status_code = 500
+    default_detail = 'Erro interno'
+    default_code = 'internal_error'

shared_auth/fields.py ADDED Viewed

@@ -0,0 +1,51 @@
+from rest_framework import serializers
+"""
+Fields customizados para facilitar ainda mais
+"""
+"""
+Fields customizados para facilitar ainda mais
+"""
+class OrganizationField(serializers.Field):
+    """
+    Field que retorna dados completos da organização
+    Usage:
+        class RascunhoSerializer(serializers.ModelSerializer):
+            organization = OrganizationField(source='*')
+    """
+    def to_representation(self, obj):
+        try:
+            org = obj.organization
+            return {
+                "id": org.pk,
+                "name": org.name,
+                "fantasy_name": org.fantasy_name,
+                "cnpj": org.cnpj,
+                "email": org.email,
+                "is_active": org.is_active(),
+            }
+        except Exception:
+            return None
+class UserField(serializers.Field):
+    """
+    Field que retorna dados completos do usuário
+    """
+    def to_representation(self, obj):
+        try:
+            user = obj.user
+            return {
+                "id": user.pk,
+                "username": user.username,
+                "email": user.email,
+                "full_name": user.get_full_name(),
+                "is_active": user.is_active,
+            }
+        except Exception:
+            return None

shared_auth/management/__init__.py ADDED Viewed

File without changes

shared_auth/management/commands/__init__.py ADDED Viewed

File without changes

shared_auth/management/commands/generate_permissions.py ADDED Viewed

@@ -0,0 +1,147 @@
+from pathlib import Path
+import yaml
+from django.conf import settings
+from django.core.management.base import BaseCommand, CommandError
+from shared_auth.conf import get_setting
+DEFAULT_ACTIONS = [
+    ("add", "Adicionar"),
+    ("view", "Visualizar"),
+    ("change", "Editar"),
+    ("delete", "Excluir"),
+]
+class Command(BaseCommand):
+    help = "Generate permissions from permissions.yml"
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--file",
+            default="permissions.yml",
+            help="Path to permissions YAML file (default: permissions.yml)",
+        )
+        parser.add_argument(
+            "--dry-run",
+            action="store_true",
+            help="Show what would be done without making changes",
+        )
+    def handle(self, *args, **options):
+        from shared_auth.utils import get_permission_model, get_system_model
+        system_id = get_setting("SYSTEM_ID", None)
+        if not system_id:
+            raise CommandError("SYSTEM_ID not configured in settings.")
+        System = get_system_model()
+        try:
+            system = System.objects.using("auth_db").get(id=system_id)
+        except System.DoesNotExist:
+            raise CommandError(f"System with ID {system_id} not found.")
+        self.stdout.write(f"System: {system.name} (ID: {system_id})")
+        # Find and parse YAML
+        yaml_path = self._find_yaml(options["file"])
+        if not yaml_path:
+            raise CommandError(f"File not found: {options['file']}")
+        with open(yaml_path, encoding="utf-8") as f:
+            data = yaml.safe_load(f)
+        scopes = data.get("scopes", {})
+        if not scopes:
+            raise CommandError("No scopes found in YAML file.")
+        Permission = get_permission_model()
+        dry_run = options["dry_run"]
+        created, updated = 0, 0
+        for scope_key, scope_data in scopes.items():
+            scope_name = scope_data.get("name", scope_key)
+            models = scope_data.get("models", [])
+            self.stdout.write(f"\n[{scope_key}] {scope_name}")
+            for model_config in models:
+                model_name = model_config.get("model")
+                model_display_name = model_config.get("name", model_name)
+                if not model_name:
+                    continue
+                # Create default CRUD permissions
+                for action, action_name in DEFAULT_ACTIONS:
+                    codename = f"{action}_{model_name}"
+                    name = f"{action_name} {model_display_name}"
+                    c, u = self._create_permission(
+                        Permission, codename, name, scope_key, system_id, dry_run
+                    )
+                    created += c
+                    updated += u
+                # Create custom permissions
+                custom_permissions = model_config.get("custom_permissions", [])
+                for custom_perm in custom_permissions:
+                    action = custom_perm.get("action")
+                    perm_name = custom_perm.get("name")
+                    if not action:
+                        continue
+                    codename = f"{action}_{model_name}"
+                    name = perm_name or f"{action} {model_display_name}"
+                    c, u = self._create_permission(
+                        Permission, codename, name, scope_key, system_id, dry_run
+                    )
+                    created += c
+                    updated += u
+        self.stdout.write(f"\nCreated: {created} | Updated: {updated}")
+    def _create_permission(
+        self, Permission, codename, name, scope, system_id, dry_run
+    ) -> tuple[int, int]:
+        """Create or update a permission. Returns (created_count, updated_count)."""
+        defaults = {"name": name, "scope": scope}
+        if dry_run:
+            exists = (
+                Permission.objects.using("auth_db")
+                .filter(codename=codename, system_id=system_id)
+                .exists()
+            )
+            status = "exists" if exists else "new"
+            self.stdout.write(f"  [{status}] {codename}")
+            return (0, 0)
+        obj, is_new = Permission.objects.using("auth_db").update_or_create(
+            codename=codename,
+            system_id=system_id,
+            defaults=defaults,
+        )
+        if is_new:
+            self.stdout.write(self.style.SUCCESS(f"  + {codename}"))
+            return (1, 0)
+        self.stdout.write(f"  ~ {codename}")
+        return (0, 1)
+    def _find_yaml(self, file_path: str) -> Path | None:
+        paths = [
+            Path(file_path),
+            Path(settings.BASE_DIR) / file_path
+            if hasattr(settings, "BASE_DIR")
+            else None,
+            Path.cwd() / file_path,
+        ]
+        for p in paths:
+            if p and p.exists():
+                return p
+        return None